Author: jmm-guest Date: 2006-01-14 11:55:13 +0000 (Sat, 14 Jan 2006) New Revision: 3295 Modified: data/CVE/list Log: bugnums Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-01-14 11:33:50 UTC (rev 3294) +++ data/CVE/list 2006-01-14 11:55:13 UTC (rev 3295) @@ -1,8 +1,8 @@ CVE-2006-XXXX [php5 response splitting] - - php5 <unfixed> (bug filed) + - php5 <unfixed> (bug #347894) - php4 <not-affected> (vulnerable code was introduced in PHP5) CVE-2006-XXXX [php5 mysqli format string issue] - - php5 <unfixed> (bug filed) + - php5 <unfixed> (bug #347894) - php4 <not-affected> (vulnerable code was introduced in PHP5) CVE-2006-0187 (By design, Microsoft Visual Studio 2005 automatically executes code in ...) NOT-FOR-US: Microsoft @@ -95,7 +95,7 @@ NOTE: The whole black list approach is flawed, for the DSA we''ll switch to NOTE: a white list approach of known to be safe env vars. CVE-2006-0150 (Multiple format string vulnerabilities in the auth_ldap_log_reason ...) - - libapache-auth-ldap <removed> + - libapache-auth-ldap <removed> (bug #347416) NOTE: DSA in preparation CVE-2006-0149 (Cross-site scripting (XSS) vulnerability in SimpBook 1.0, with ...) NOT-FOR-US: SimpBook @@ -985,7 +985,7 @@ NOT-FOR-US: IOS CVE-2005-4348 (fetchmail before 6.3.1 and before 6.2.5.5, when configured for ...) {DSA-939-1} - - fetchmail 6.3.1-1 (bug #343836; low) + - fetchmail 6.3.1-1 (bug #343836; bug #345944; low) CVE-2005-4418 [Default policy in util-vserver prior to 0.30.208 trusted unknown capabilities] RESERVED - util-vserver 0.30.208-1 
@@ -1582,7 +1582,7 @@ CVE-2005-4066 (Total Commander 6.53 uses weak encryption to store FTP usernames and ...) NOT-FOR-US: Total Commander CVE-2005-4065 (SQL injection vulnerability in the search module in Edgewall Trac ...) - - trac 0.9.2-1 (medium) + - trac 0.9.2-1 (bug #342232; medium) CVE-2005-4064 (Multiple SQL injection vulnerabilities in A-FAQ 1.0 allow remote ...) NOT-FOR-US: A-FAQ CVE-2005-4063 (Multiple cross-site scripting (XSS) vulnerabilities in NetAuctionHelp ...) @@ -1766,7 +1766,7 @@ CVE-2005-3981 (** DISPUTED ** ...) NOT-FOR-US: Windows CVE-2005-3980 (SQL injection vulnerability in the ticket query module in Edgewall ...) - - trac 0.9.1-1 (medium) + - trac 0.9.1-1 (bug #341697; medium) CVE-2005-3979 (relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 ...) NOT-FOR-US: Coppermine Photo Gallery CVE-2005-3978 (Multiple SQL injection vulnerabilities in NetClassifieds Premium ...) @@ -2824,7 +2824,7 @@ - libextractor 0.5.9-1 CVE-2005-3627 (Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, ...) {DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1} - - poppler 0.4.4-1 + - poppler 0.4.4-1 (bug #346076) - kdegraphics 3.5.0-3 - gpdf <unfixed> - xpdf 3.01-4 @@ -2840,7 +2840,7 @@ - libextractor 0.5.9-1 CVE-2005-3625 (Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, ...) {DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1} - - poppler 0.4.4-1 + - poppler 0.4.4-1 (bug #346076) - kdegraphics 3.5.0-3 - xpdf 3.01-4 - gpdf <unfixed> @@ -2848,7 +2848,7 @@ - libextractor 0.5.9-1 CVE-2005-3624 (The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, ...) {DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1} - - poppler 0.4.4-1 + - poppler 0.4.4-1 (bug #346076) - gpdf <unfixed> - kdegraphics 3.5.0-3 - xpdf 3.01-4 
@@ -3024,7 +3024,7 @@ - petris 1.0.1-5 CVE-2005-3539 (Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and earlier ...) {DSA-933-1} - - hylafax 2:4.2.4-2 + - hylafax 2:4.2.4-2 (bug #347298) NOTE: First patch had regressions CVE-2005-3538 (hfaxd in HylaFAX 4.2.3, when PAM support is disabled, accepts ...) - hylafax 2:4.2.4-1 @@ -11798,7 +11798,7 @@ {DSA-850-1} - tcpdump 3.8.3-4 CVE-2005-1278 (The isis_print function, as called by isoclns_print, in tcpdump 3.9.1 ...) - - tcpdump 3.8.3-4 + - tcpdump 3.8.3-4 (bug #307920) CVE-2005-1277 REJECTED CVE-2005-1276
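Review bot: In the `@@ -1,8 +1,8 @@` hunk, the same number, bug #347894, is assigned to two separate entries: "php5 response splitting" and "php5 mysqli format string issue". If one report really covers both issues, add a NOTE line under each entry saying so, so that closing the bug is not read as fixing only one of them. If the second number was copied from the first, replace it with the bug filed for the mysqli format string issue. Both entries were previously marked `(bug filed)`, which does not show whether one report or two existed.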
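Review bot: In the three Xpdf hunks (`@@ -2824,7 +2824,7 @@`, `@@ -2840,7 +2840,7 @@`, `@@ -2848,7 +2848,7 @@`), poppler gains bug #346076 although it already has a fixed version, while the `- gpdf <unfixed>` line in each of CVE-2005-3627, CVE-2005-3625 and CVE-2005-3624 still has no bug reference. Since this commit is about filling in bug numbers, the unfixed package is the one that most needs a tracking reference. Add the gpdf bug number on those lines if one has been filed, or mark them `(bug filed)` once it is, as was done for the php5 entries. A smaller style point: the package lines are ordered differently in each of the three entries, and a consistent order would make them easier to compare.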